Does anyone found a solution for this?
Upgraded the connector to the most latest version (i.e. 18.104.22.16889.0) since the Pulse Secure is officially supported by ArcSight.
However, the logs are not getting parsed. Device vendor/product still shows as Unix/Unix. Sample entries as follows;
Device Vendor : Unix
Device Product : Unix
Device Process Name : PulseSecure
Device Custom String1.Module : PulseSecure
Name : 2016-07-03 11:32:12 - HostName - [127.0.0.1] System() - Removed expired user sessions from mail cache. Number of cached sessions before cleanup: 0. Number of sessions after cleanup: 0.
Please share if any of you got a solution for this. Thanks.